"Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities"

Google and Mozilla recently released Chrome and Firefox software updates to resolve multiple vulnerabilities in both browsers, including high-severity memory safety bugs. On Tuesday, Chrome 122 was released in the stable channel with patches for 12 security defects, including eight that were reported by external researchers. Two of these are high-severity flaws; judging by the bug bounty paid, the most severe is an out-of-bounds memory access bug in Blink.

Submitted by Adam Ekwall on

"Hybrid Security in the Cloud - Improving Cloud Security Model for Web Applications Using Hybrid Encryption Techniques"

A team of researchers in India developed a hybrid approach to improving the security of online applications, particularly within cloud computing. They showed that merging two techniques, homomorphic encryption and the Squirrel Search Algorithm (SSA), significantly enhances the security of cloud computing models. Encryption is essential in protecting data from unauthorized access or breaches. The team assessed the effectiveness of their approach by measuring upload and download times, as well as encryption and decryption times.

Submitted by grigby1 CPVI on

"'KeyTrap' DNS Bug Threatens Widespread Internet Outages"

Researchers recently discovered a fundamental design flaw in a Domain Name System (DNS) security extension that could lead to widespread Internet outages. The security vulnerability, called KeyTrap and tracked as CVE-2023-50387, was discovered by a team from the Germany-based ATHENE National Research Center for Applied Cybersecurity. According to the team, a single packet sent to a DNS server implementation using the DNSSEC extension to validate traffic could cause the server to enter a resolution loop, consuming all of its own computing power and stalling.

Submitted by grigby1 CPVI on

"36% of Code Generated by GitHub CoPilot Contains Security Flaws"

According to Veracode, 42 percent of applications and 71 percent of organizations have security debt, which is defined as flaws that have gone unfixed for more than a year. Forty-six percent of organizations have critical security flaws that risk confidentiality, integrity, and availability. Veracode found that 63 percent of applications have flaws in first-party code, and 70 percent have flaws in third-party code imported through third-party libraries. These findings emphasize the importance of testing both types throughout the Software Development Life Cycle (SDLC).

Submitted by grigby1 CPVI on

"Knight Ransomware Source Code for Sale After Leak Site Shuts Down"

A representative of the Knight ransomware is selling the alleged source code for version 3.0 of the ransomware on a hacker forum. Knight ransomware, a rebrand of the Cyclops operation, was launched at the end of July 2023 and targets Windows, macOS, and Linux/ESXi systems. It gained popularity by providing infostealers and a 'lite' version of its encryptor to lower-tier affiliates targeting smaller organizations. This article continues to discuss the source code for the third iteration of the Knight ransomware being offered for sale to a single buyer on a hacker forum.

Submitted by grigby1 CPVI on

"New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics"

Researchers have found two malicious packages on the Python Package Index (PyPI) repository that used a technique known as DLL side-loading to avoid detection by security software and execute malicious code. The packages, NP6HelperHttptest and NP6HelperHttper, were downloaded 537 and 166 times before their takedown. According to ReversingLabs researcher Petar Kirhmajer, the latest discovery is an example of DLL side-loading carried out by an open-source package, suggesting that the scope of software supply chain threats is growing.

Submitted by grigby1 CPVI on

"Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin"

According to security researchers at Patchstack, hackers are exploiting a recently patched vulnerability in the Bricks Builder plugin for WordPress to hack websites and deploy malware. The issue, tracked as CVE-2024-25600, is described as a remote code execution (RCE) flaw that can be exploited without authentication to execute arbitrary PHP code on an affected WordPress website. The researchers noted that an analysis of the process calls revealed that no proper permissions or role checks were applied when a function handling a REST API endpoint was involved.

Submitted by Adam Ekwall on

"New Redis Attack Campaign Weakens Systems Before Deploying Cryptominer"

Researchers warn that cloud attackers have launched a new cryptojacking campaign targeting exposed Redis deployments. Unlike previous attacks on the in-memory data store, the threat actors use specific system-weakening commands prior to installing their cryptocurrency mining malware. Cado Security researchers named the new miner Migo and noted that it is being deployed with a user mode rootkit. The malware also includes a persistence mechanism to ensure its survival through reboots. This article continues to discuss findings regarding the Redis attack campaign.

Submitted by grigby1 CPVI on

"28,500 Microsoft Exchange Servers Vulnerable"

It has been confirmed that 28,500 Microsoft Exchange servers are vulnerable to Elevation of Privilege (EoP), putting affected organizations at risk because many users rely on Exchange for work. A cybercriminal can use the EoP bug to relay a leaked Net-NTLMv2 hash to a vulnerable Exchange server in order to authenticate as a user. Hackers could crack NTLM hashes or use an NTLM relay attack. This article continues to discuss the vulnerability of 28,500 Microsoft Exchange servers to an EoP issue.

Submitted by grigby1 CPVI on

"'MrAgent' Ransomware Tool From RansomHouse Group Targets ESXi Servers"

MrAgent is a new ransomware tool that operates as a binary designed to run mainly on VMware ESXi hypervisors. Its purpose is to automate and track ransomware deployment across large environments with multiple hypervisors. The gang found to be behind the tool, the RansomHouse Group, is a Ransomware-as-a-Service (RaaS) operation that was discovered in late 2021 and has been actively deploying ransomware variants on corporate networks. According to researchers, the RansomHouse Group extorts its victims twice. This article continues to discuss the RansomHouse Group and its new MrAgent tool.

Submitted by grigby1 CPVI on